beta.eva.aft.amazon.dev Open in urlscan Pro
2600:9000:214f:b800:3:d61:2d00:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://beta.eva.aft.amazon.dev/
Submission Tags: @phishunt_io
Submission: On November 21 via api (November 21st 2020, 9:58:23 am UTC) from ES

Summary HTTP 6 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2600:9000:214f:b800:3:d61:2d00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is beta.eva.aft.amazon.dev.
TLS certificate: Issued by Amazon on November 20th 2020. Valid for: a year.

This is the only time beta.eva.aft.amazon.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2600:9000:214... 2600:9000:214f:b800:3:d61:2d00:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	52.49.70.147 52.49.70.147	16509 (AMAZON-02) (AMAZON-02)
1 2	52.94.220.70 52.94.220.70	16509 (AMAZON-02) (AMAZON-02)
6	3

5 2600:9000:214f:b800:3:d61:2d00:93a1 (United States)

ASN16509 (AMAZON-02, US)

beta.eva.aft.amazon.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.70.147 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-70-147.eu-west-1.compute.amazonaws.com

internal-cdn.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.94.220.70 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

midway-auth.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	amazon.dev beta.eva.aft.amazon.dev	140 KB
3	amazon.com 2 redirects internal-cdn.amazon.com midway-auth.amazon.com	2 KB
6	2

	Domain	Requested by
5	beta.eva.aft.amazon.dev	beta.eva.aft.amazon.dev
2	midway-auth.amazon.com	1 redirects beta.eva.aft.amazon.dev
1	internal-cdn.amazon.com	1 redirects
6	3

This site contains no links.

Subject Issuer	Validity	Valid
beta.eva.aft.amazon.dev Amazon	`2020-11-20` - `2021-12-19`	a year	crt.sh
midway-auth.dub.amazon.com Amazon	`2020-05-17` - `2021-05-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://beta.eva.aft.amazon.dev/
Frame ID: 4AA4357CFF858E12F7E2CC506ADB3FED
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i
headers server /^AmazonS3$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Essential JS 2 () Expand

Overall confidence: 100%
Detected patterns

html /<[^<]+class="[^"]*[^-](?:e-control|e-lib)/i

Page Statistics

6
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

176 kB
Transfer

373 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://internal-cdn.amazon.com/badgephotos.amazon.com/?uid=shpakav HTTP 307
https://midway-auth.amazon.com/SSO/redirect?redirect_uri=https%3A%2F%2Finternal-cdn.amazon.com%2Fbadgephotos.amazon.com%2F%3Fuid%3Dshpakav&client_id=https%3A%2F%2Finternal-cdn.amazon.com%3A443&scope=openid&response_type=id_token&nonce=71b4fab7aa5bb8a5f7e1f8b032c4f1e6c6639bad68d9ef8e2119911c9615067b&sentry_handler_version=midwaygateway&response_mode=query&state=%2Fbadgephotos.amazon.com%2F%3Fuid%3Dshpakav HTTP 302
https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fredirect_uri%3Dhttps%253A%252F%252Finternal-cdn.amazon.com%252Fbadgephotos.amazon.com%252F%253Fuid%253Dshpakav%26client_id%3Dhttps%253A%252F%252Finternal-cdn.amazon.com%253A443%26scope%3Dopenid%26response_type%3Did_token%26nonce%3D71b4fab7aa5bb8a5f7e1f8b032c4f1e6c6639bad68d9ef8e2119911c9615067b%26sentry_handler_version%3Dmidwaygateway%26response_mode%3Dquery%26state%3D%252Fbadgephotos.amazon.com%252F%253Fuid%253Dshpakav&noauth=1&require_digital_identity=false

6 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response beta.eva.aft.amazon.dev/	2 KB 2 KB	75ms 28ms	Document text/html	2600:9000:214f:b800:3:d61:2d00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://beta.eva.aft.amazon.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:214f:b800:3:d61:2d00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `f9a440f6711adcf7b5ed396266ce81d553ccbb3c0df6285f2550dc4014d3504b` Request headers :method GET :authority beta.eva.aft.amazon.dev :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers content-type text/html date Sat, 21 Nov 2020 04:25:02 GMT last-modified Sat, 21 Nov 2020 00:04:30 GMT etag W/"948ff37b9fe4571339dae58ec4a998bf" x-amz-server-side-encryption AES256 x-amz-version-id TekOMS6YZug_OwHdOXo1gzhnS7exbHtS server AmazonS3 content-encoding gzip vary Accept-Encoding x-cache Hit from cloudfront via 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront) x-amz-cf-pop FRA53-C1 x-amz-cf-id UWidJ8DgB2mVpr1zi5KAbCy2Du2WTSoOdS1muiKqtJh5RRsGxhNiBA== age 19985
GET H2	200	2.926692ae.chunk.css beta.eva.aft.amazon.dev/static/css/	159 KB 82 KB	33ms 29ms	Stylesheet text/css	2600:9000:214f:b800:3:d61:2d00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://beta.eva.aft.amazon.dev/static/css/2.926692ae.chunk.css Requested by Host: beta.eva.aft.amazon.dev URL: https://beta.eva.aft.amazon.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:214f:b800:3:d61:2d00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `dcb66f4c72cbb106361addf2b33979eb47230a5694fb5325c3802d8932488903` Request headers Referer https://beta.eva.aft.amazon.dev/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Fri, 20 Nov 2020 21:41:23 GMT content-encoding gzip last-modified Fri, 20 Nov 2020 20:21:52 GMT server AmazonS3 age 44204 etag W/"d7eba27681abd59b57f99de09b4d21c0" vary Accept-Encoding x-cache Hit from cloudfront x-amz-version-id mQfh3vbcLlQqvqndraB5n1bDw1DxgdVJ via 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront) x-amz-cf-pop FRA53-C1 content-type text/css x-amz-cf-id 1p3nzW7ZVJQ6Oo1lOynZhmlpVlrsWB_a5nIDdnFt_9lacf9C5w3JCw==
GET H2	200	main.ca644363.chunk.css beta.eva.aft.amazon.dev/static/css/	1 KB 1 KB	46ms 44ms	Stylesheet text/css	2600:9000:214f:b800:3:d61:2d00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://beta.eva.aft.amazon.dev/static/css/main.ca644363.chunk.css Requested by Host: beta.eva.aft.amazon.dev URL: https://beta.eva.aft.amazon.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:214f:b800:3:d61:2d00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `a1c369504c226f953811f623d4cd59e712435c886f0a321b608688209bb78aaf` Request headers Referer https://beta.eva.aft.amazon.dev/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Fri, 20 Nov 2020 21:41:23 GMT content-encoding gzip last-modified Fri, 20 Nov 2020 20:21:52 GMT server AmazonS3 age 44204 etag W/"25265339643a347db03c0ce1be691938" vary Accept-Encoding x-cache Hit from cloudfront x-amz-version-id cHBMMiucGBQUH8.6MTpFO9x_7HnRDZZA via 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront) x-amz-cf-pop FRA53-C1 content-type text/css x-amz-cf-id p9SV9rElOwU9jr_is8SpTe-mqQi9VG3LxQ8_f-SFtXiDFs00l4zINQ==
GET H2	200	2.422f057c.chunk.js Show response beta.eva.aft.amazon.dev/static/js/	173 KB 54 KB	41ms 39ms	Script application/javascript	2600:9000:214f:b800:3:d61:2d00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://beta.eva.aft.amazon.dev/static/js/2.422f057c.chunk.js Requested by Host: beta.eva.aft.amazon.dev URL: https://beta.eva.aft.amazon.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:214f:b800:3:d61:2d00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `2c2891af5f78f93f44372f5781a75214ab2931a0fc1ad135e7d3ad034616ebfa` Request headers Referer https://beta.eva.aft.amazon.dev/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Fri, 20 Nov 2020 21:41:23 GMT content-encoding gzip last-modified Fri, 20 Nov 2020 20:21:52 GMT server AmazonS3 age 44204 etag W/"da017621f96f8ffc0cfa12ea4327144f" vary Accept-Encoding x-cache Hit from cloudfront x-amz-version-id Gm4h3mrT0TsvFkDeBVHwgZqXrMBo6Vvg via 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront) x-amz-cf-pop FRA53-C1 content-type application/javascript x-amz-cf-id EuDS2r7yQO_P5lhbiOhKYXGmrIpfTP9g-DTSnTA77oMA5x75tnfBkg==
GET H2	200	main.9082ddc4.chunk.js Show response beta.eva.aft.amazon.dev/static/js/	3 KB 1 KB	642ms 640ms	Script application/javascript	2600:9000:214f:b800:3:d61:2d00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://beta.eva.aft.amazon.dev/static/js/main.9082ddc4.chunk.js Requested by Host: beta.eva.aft.amazon.dev URL: https://beta.eva.aft.amazon.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:214f:b800:3:d61:2d00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `cd3f588bbc003904e4a01431a71462f5fc44c813371a5615431b308ea2346ebd` Request headers Referer https://beta.eva.aft.amazon.dev/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Sat, 21 Nov 2020 09:58:08 GMT content-encoding gzip last-modified Sat, 21 Nov 2020 00:04:30 GMT server AmazonS3 x-amz-cf-pop FRA53-C1 etag W/"7c033e20ba5193ded41f9400c77e6301" vary Accept-Encoding x-cache Miss from cloudfront x-amz-version-id _eq3cdjtGg3ivaNWGlk06B_RgJrwV3Fu via 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront) content-type application/javascript x-amz-cf-id Nfu_BdTqXoB4ST5zZ8NypdK2Sd7TZ4mftFaC_TTeeClOEvBeaUrDug==
GET DATA	200 OK	truncated /	18 KB 18 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `24c1539f8b1c267f2e4a9ec4a7479bec293717ce6c57f89ceefb3d0c96a3688e` Request headers Origin https://beta.eva.aft.amazon.dev Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type font/woff
GET DATA	200 OK	truncated /	18 KB 18 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dd22b81b898eb407a56ff6b2ac75c7739745331c8b790e83e7dde68966fc16ce` Request headers Origin https://beta.eva.aft.amazon.dev Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type font/woff
GET H2	200	login midway-auth.amazon.com/ Redirect Chain https://internal-cdn.amazon.com/badgephotos.amazon.com/?uid=shpakav https://midway-auth.amazon.com/SSO/redirect?redirect_uri=https%3A%2F%2Finternal-cdn.amazon.com%2Fbadgephotos.amazon.com%2F%3Fuid%3Dshpakav&client_id=https%3A%2F%2Finternal-cdn.amazon.com%3A443&scop... https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fredirect_uri%3Dhttps%253A%252F%252Finternal-cdn.amazon.com%252Fbadgephotos.amazon.com%252F%253Fuid%253Dshpakav%26client_id%3Dhttps%253A...	0 0	46ms 45ms	Image text/html	52.94.220.70 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fredirect_uri%3Dhttps%253A%252F%252Finternal-cdn.amazon.com%252Fbadgephotos.amazon.com%252F%253Fuid%253Dshpakav%26client_id%3Dhttps%253A%252F%252Finternal-cdn.amazon.com%253A443%26scope%3Dopenid%26response_type%3Did_token%26nonce%3D71b4fab7aa5bb8a5f7e1f8b032c4f1e6c6639bad68d9ef8e2119911c9615067b%26sentry_handler_version%3Dmidwaygateway%26response_mode%3Dquery%26state%3D%252Fbadgephotos.amazon.com%252F%253Fuid%253Dshpakav&noauth=1&require_digital_identity=false Requested by Host: beta.eva.aft.amazon.dev URL: https://beta.eva.aft.amazon.dev/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.94.220.70 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://beta.eva.aft.amazon.dev/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Redirect headers date Sat, 21 Nov 2020 09:58:07 GMT x-content-type-options nosniff x-permitted-cross-domain-policies none status 302 Found x-host midway-auth-prod-dub8-15003.dub8.amazon.com x-xss-protection 1; mode=block x-request-id 918cdf87-6977-46ae-92b3-2ab2994df2c9 referrer-policy strict-origin-when-cross-origin server nginx/1.18.0 x-frame-options SAMEORIGIN x-download-options noopen strict-transport-security max-age=31536000; includeSubDomains, max-age=31536000 content-type text/html; charset=utf-8 location https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fredirect_uri%3Dhttps%253A%252F%252Finternal-cdn.amazon.com%252Fbadgephotos.amazon.com%252F%253Fuid%253Dshpakav%26client_id%3Dhttps%253A%252F%252Finternal-cdn.amazon.com%253A443%26scope%3Dopenid%26response_type%3Did_token%26nonce%3D71b4fab7aa5bb8a5f7e1f8b032c4f1e6c6639bad68d9ef8e2119911c9615067b%26sentry_handler_version%3Dmidwaygateway%26response_mode%3Dquery%26state%3D%252Fbadgephotos.amazon.com%252F%253Fuid%253Dshpakav&noauth=1&require_digital_identity=false cache-control no-cache content-security-policy default-src 'self'; connect-src 'self' https://stpsentry.aka.amazon.com https://midway-static.amazon.com/app-id.json; object-src 'none'; frame-ancestors 'self'; script-src 'self' https://d3s096xoykcjlq.cloudfront.net; style-src 'self' https://d3s096xoykcjlq.cloudfront.net; img-src 'self' https://d3s096xoykcjlq.cloudfront.net

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

beta.eva.aft.amazon.dev
internal-cdn.amazon.com
midway-auth.amazon.com
2600:9000:214f:b800:3:d61:2d00:93a1
52.49.70.147
52.94.220.70
24c1539f8b1c267f2e4a9ec4a7479bec293717ce6c57f89ceefb3d0c96a3688e
2c2891af5f78f93f44372f5781a75214ab2931a0fc1ad135e7d3ad034616ebfa
a1c369504c226f953811f623d4cd59e712435c886f0a321b608688209bb78aaf
cd3f588bbc003904e4a01431a71462f5fc44c813371a5615431b308ea2346ebd
dcb66f4c72cbb106361addf2b33979eb47230a5694fb5325c3802d8932488903
dd22b81b898eb407a56ff6b2ac75c7739745331c8b790e83e7dde68966fc16ce
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f9a440f6711adcf7b5ed396266ce81d553ccbb3c0df6285f2550dc4014d3504b

beta.eva.aft.amazon.dev Open in urlscan Pro 2600:9000:214f:b800:3:d61:2d00:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

176 kBTransfer

373 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

0 Cookies

Indicators

beta.eva.aft.amazon.dev Open in urlscan Pro
2600:9000:214f:b800:3:d61:2d00:93a1 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

176 kB
Transfer

373 kB
Size

0
Cookies

6 HTTP transactions
2 data transactions